CVE-2025-7653
BaseFortify
Publication date: 2025-07-19
Last updated on: 2025-07-22
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | epay.bg_payments | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7653 is a Stored Cross-Site Scripting (XSS) vulnerability in the EPay.bg Payments plugin for WordPress, specifically in the 'epay' shortcode. The vulnerability exists because the plugin does not properly sanitize or escape user-supplied attributes. This allows authenticated users with contributor-level access or higher to inject malicious scripts into pages. These scripts execute whenever any user accesses the infected page, potentially compromising user data or site integrity.
How can this vulnerability impact me? :
This vulnerability can allow attackers with contributor-level access to inject arbitrary JavaScript into pages viewed by other users. This can lead to theft of user credentials, session hijacking, defacement of the website, or distribution of malware. Since the scripts execute in the context of the website, it can compromise the security and trustworthiness of the affected site.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by scanning WordPress installations for the presence of the EPay.bg Payments plugin version 0.1 or earlier. Additionally, inspecting pages or posts that use the 'epay' shortcode for suspicious or unexpected script injections can help identify exploitation attempts. Since the vulnerability involves stored Cross-Site Scripting via shortcode attributes, searching the WordPress database for 'epay' shortcode usage with suspicious script tags or unusual attribute values may reveal compromised content. There are no specific commands provided in the resources, but typical detection methods include using WP-CLI to search posts, e.g., `wp post list --post_type=page,post --field=ID | xargs -I % wp post get % --field=post_content | grep -i epay`, or scanning web traffic for injected scripts in pages using the shortcode. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating or removing the vulnerable EPay.bg Payments plugin if an update is available beyond version 0.1. If no update is available, disable the plugin to prevent exploitation. Additionally, restrict contributor-level and above users from adding or editing content with the 'epay' shortcode until a fix is applied. Review and sanitize existing content for injected scripts and remove any malicious code. Implement Web Application Firewall (WAF) rules to block suspicious input patterns related to the shortcode attributes. Finally, consider applying input sanitization and output escaping patches if possible. [1]